CSEC is a lead agency in the federal government for information technology security. In accordance with the Treasury Board - Government Security Policy (GSP), CSEC is responsible to test, inspect and evaluate IT products and systems to identify risks, vulnerabilities and appropriate mitigation, and conduct related technical research and development.
The Cyber Protection Supply Arrangement (CPSA) is an initiative jointly managed by CSEC, Public Works and Government Services Canada (PWGSC) and Treasury Board Secretariat (TBS) to pre-qualify IT Security companies and resources within four different Work streams and an Aboriginal Set Aside for use within the Government of Canada (GC). The objective of the program is to facilitate the procurement of pre qualified resources within several IT Security resource categories. Click here for the list of CPSA Work Streams and resource categories.
Cyber Protection Procurement Guidance (CPPG) will provide GC departments and agencies with a series of baseline IT security requirements, focussing on technologies as opposed to specific products. The security requirements will be in the form of Statements Of Security Requirements (SOSRs) for tenders and procurement initiatives by GC departments and agencies.
The COTS Security Guidance Program (CSG) is a new initiative by CSEC to provide GC departments with the relevant and applicable contextual guidance necessary for the secure use of COTS technologies. The CSG program offers a suite of guidance documents, providing recommendations in the specification, configuration, implementation and maintenance of IT security technologies. Click here for a list of documents.
The Cryptographic Module Validation Program (CMVP) is a program jointly managed by CSEC and NIST for the validation of cryptographic modules to the FIPS 140-1 and FIPS 140-2, and other cryptographic FIPS. CSEC is the Canadian certification authority. Click here for a list of FIPS 140-1 and FIPS 140-2 validated cryptographic modules.
The Canadian Industrial TEMPEST Program (CITP) fosters a Canadian industrial capability to produce commercial off-the-shelf TEMPEST products and services to meet the needs of the Government of Canada. The CITP also provides protection for and control of TEMPEST information and prepares Canadian industry to participate in capital programs.
The Canadian Common Criteria Scheme (CCCS) is a Canadian independent third party evaluation and certification service for measuring the trustworthiness of IT security products and systems. Evaluations are performed against the requirements of the Common Criteria, facilitating recognition of evaluations carried out under the CCS internationally.
Finally, through our Industry Program, CSEC works with Canadian industry to seek formal agreements with other governments on equivalent program standards and procedures, and mutual acceptance of accreditation results.